ehealthsuisse / ch-epr-fhir

Repository for the swiss implementation guide for the FHIR based profiles

Precise Client Authentication #128

Closed martinsmock closed 8 months ago

martinsmock commented 9 months ago

Add text and references for client authentication:

  1. Restrict Access to confidential clients.
  2. Mutual TLS for authentication of the network the request comes from.
  3. Client ID for client identification.
  4. Client Secret for client authentication.

Open questions:

  1. How may Mutual TLS work with SMART on FHIR Apps?

martinsmock commented 8 months ago

Also correct the statement in https://build.fhir.org/ig/ehealthsuisse/ch-epr-mhealth/iti-71.html#expected-actions-1

"The IUA Authorization Server SHALL identify the IUA Authorization Client (portal or primary system) based on the digital signature of the messages sent by the IUA Authorization Client. The IUA Authorization Server MAY use the X.509 certificate of the TLS connection as an additional source of information to identify the IUA Authorization Client."
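The two comments above together describe the mechanism the IG text should state: only confidential clients are accepted, the client is identified by a client ID, the server authenticates it from the digital signature on the messages it sends, and the X.509 certificate of the TLS connection is an additional source of information. The Go example below is added here to show that flow end to end; it is not code from ch-epr-fhir, from the IHE IUA profile or from the issue author. It assumes the signed message is an RFC 7523 client assertion (private_key_jwt, ES256), which the issue does not specify, and an in-memory registry; the names RegisteredClient, AuthServer, AuthenticateClient, SignAssertion, NewClientKey and thumb, the token endpoint https://as.example.ch/token and the client ID primary-system-42 are invented for the example. The client-secret option from item 4 is not shown; a shared secret would replace the signature check with a constant-time comparison and leave the other checks unchanged.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"math/big"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding

// Only this exact JOSE header is accepted; pinning it refuses alg:none and algorithm swaps.
var hdrES256 = b64.EncodeToString([]byte(`{"alg":"ES256","typ":"JWT"}`))

// thumb is the base64url SHA-256 thumbprint of a DER-encoded certificate.
func thumb(der []byte) string { s := sha256.Sum256(der); return b64.EncodeToString(s[:]) }

// NewClientKey generates the client's P-256 signing key (demo only; real keys live in a keystore or HSM).
func NewClientKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// RegisteredClient is what the authorization server stored at registration (hypothetical layout).
type RegisteredClient struct {
	Confidential   bool             // issue item 1: only confidential clients are accepted
	PublicKey      *ecdsa.PublicKey // signatures are checked against this key, never one carried in the token
	CertThumbprint string           // optional base64url SHA-256 of the client's TLS certificate (DER)
}

// Claims of the signed client assertion (RFC 7523 private_key_jwt style).
type Claims struct {
	Iss string `json:"iss"`
	Sub string `json:"sub"`
	Aud string `json:"aud"`
	Exp int64  `json:"exp"`
	Jti string `json:"jti"`
}

// SignAssertion is the client side: a compact ES256 JWT over the claims.
func SignAssertion(priv *ecdsa.PrivateKey, c Claims) string {
	body, _ := json.Marshal(c) // only strings and ints, cannot fail
	input := hdrES256 + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		panic(err)
	}
	sig := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...) // JWS ES256: raw R||S, not DER
	return input + "." + b64.EncodeToString(sig)
}

// AuthServer holds the client registry and a replay cache of consumed jti values (both maps must be non-nil).
type AuthServer struct {
	TokenEndpoint string
	Clients       map[string]RegisteredClient
	SeenJTI       map[string]bool
}

// AuthenticateClient verifies the assertion and, if a thumbprint is registered, the TLS peer certificate (DER; nil without mTLS).
func (a *AuthServer) AuthenticateClient(clientID, assertion string, peerCertDER []byte) error {
	client, ok := a.Clients[clientID]
	if !ok || !client.Confidential {
		return errors.New("unknown or public client_id")
	}
	parts := strings.Split(assertion, ".")
	if len(parts) != 3 || parts[0] != hdrES256 {
		return errors.New("malformed assertion or unsupported alg")
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || len(sig) != 64 {
		return errors.New("bad signature encoding")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ecdsa.Verify(client.PublicKey, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return errors.New("invalid signature")
	}
	var c Claims
	if pb, err := b64.DecodeString(parts[1]); err != nil || json.Unmarshal(pb, &c) != nil {
		return errors.New("bad payload")
	}
	switch {
	case c.Iss != clientID || c.Sub != clientID || c.Aud != a.TokenEndpoint:
		return errors.New("iss/sub/aud do not match client_id and this token endpoint")
	case time.Now().Unix() >= c.Exp:
		return errors.New("assertion expired")
	case c.Jti == "" || a.SeenJTI[c.Jti]:
		return errors.New("missing or replayed jti")
	}
	a.SeenJTI[c.Jti] = true
	// Issue item 2: the TLS certificate is an additional check, bound to the same registration.
	if client.CertThumbprint != "" && (peerCertDER == nil || thumb(peerCertDER) != client.CertThumbprint) {
		return errors.New("TLS client certificate missing or not the registered one")
	}
	return nil
}
```

Usage: at registration, store the client's public key and, when mutual TLS terminates at the authorization server, the thumbprint of the client certificate (in Go that is `tls.ConnectionState.PeerCertificates[0].Raw`); at the token endpoint, call AuthenticateClient with the client_id, the client_assertion parameter and the peer certificate's DER, or nil when the request did not arrive over mutual TLS. Every check uses only what was stored for that client_id: nothing in the assertion (header, an embedded key, a kid) selects the verification key, which is what lets the server identify the client from the signature rather than from anything the client claims about itself.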